Cisco is a perennial front-runner in delivering state-of-the-art firewall appliances for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) provide a modern cybersecurity solution that combines dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, discover, and respond to threats automatically. Progent's Cisco-certified CCIE firewall experts can help your organization to design and carry out an efficient migration to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower appliances with Cisco's security services to create and centrally manage IT environments that span local offices, data centers, private clouds and public clouds. Progent can also assist you to manage and debug older-generation Cisco firewalls. Progent's certified cybersecurity consultants can assist you with policy creation and tuning driven by industry best practices in order to establish a consistent and effective security profile that applies to all your networked endpoints anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's Firepower Next Generation Firewalls deliver a major performance boost compared to Cisco's popular ASA 5500-X firewalls and offer unified management of modern security features like application visibility and control, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and multi-node sandboxing. For more information about Cisco's Firepower line of Next Generation Firewalls, see Cisco Firepower firewalls consulting services.
Cisco's ASA 5500-X Series and Legacy Firewalls
Ciscoís ASA 5500-X Series, ASA 5500 Series, and PIX 500 firewall appliances offer integrated firewall, VPN, and intrusion prevention system (IPS) capabilities in compact single-box devices, delivering a broad array of features to meet the security and compliance requirements of companies ranging from small businesses to enterprises and ISPs. Ciscoís ASA 5500-X Series, ASA 5500, and PIX 500 firewalls allow network security staffs to protect their network edge and offer safe offsite and mobile access while using powerful management mechanisms built on Cisco's industry-leading firewall technology.
Ciscoís ASA 5500 and PIX 500 firewalls have arrived at end-of-life status but remain commonly used in smaller businesses as well as in some enterprise networks. The ASA 5500-X Next-Generation Firewalls deliver significantly more bang for the buck and have superseded Cisco's ASA 5500 and PIX 500 families of firewalls for new installations. However, Cisco's older model firewalls, if carefully managed, continue to deliver a high degree of protection by providing multiple features such as firewall, IPsec VPN, and IPS.
Following Cisco's acquisition of Sourcefire, the entire line of ASA 5500-X firewalls can be provisioned to enable Firepower Services, built on Sourcefire's Snort product, which is the market's most popular intrusion protection system. Firepower services bring powerful new features including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco-certified infrastructure engineers can help your organization to maintain and debug legacy ASA 5500 and PIX firewalls and can also assist you to plan and implement an efficient upgrade to Ciscoís ASA 5500-X Series firewalls with Firepower. Progent can also assist you to plan, configure, tune, administer and debug new firewall ecosystems based on Cisco's current ASA 5500-X firewalls with Firepower Services. Progent's firewall consultants can also help you to migrate from your Cisco ASA 5500-X Series solution to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X firewalls features an improved replacement for each rack-mountable unit in the previous ASA 5500 generation of devices. Each ASA 5500-X model is suited for the identical market as the corresponding earlier models, which gives most ample room for selecting a firewall that aligns with their security requirements and IT budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all include purpose-built 64-bit hardware with multicore CPUs and are capable of running Cisco's advanced security services. All devices in Cisco's ASA 5500-X family provide consistent protection across any combination of physical, virtual, and cloud environments.
For additional information about ASA 5500-X security appliances, Cisco Firepower services, and Progent's support for ASA firewalls, see Cisco Firepower configuration and debugging expertise
Cisco's Firepower Services for ASA 5500-X Security Appliances
Cisco ASA 5500-X security appliances work with software or physical modules that enable Firepower Services, which provide layered protection against multi-vector threats. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services for ASA 5500-X firewalls include:
- Layered protection against familiar and zero-day attacks
- Cisco's Advanced Malware Protection that utilizes big data techniques to discover and remediate intrusions
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at clients, infrastructure, software applications, and content to discover attacks that use multiple approaches
- High-resolution Application Visibility and Control that is familiar with thousands of apps and can automatically activate both standard and custom IPS policies depending on the severity of risk
Firepower Services for ASA firewalls offer advanced multi-layered security
Simpler implementations of ASA firewalls can be efficiently administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility which is provided with all ASA 5500-X models. ASDM provides a convenient web dashboard for configuring, managing, and debugging ASA 5500-X devices and service modules.
For more complex environments, ASA 5500-X appliances with Firepower Services can be managed using Firepower Management Center, available as one or several physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Firepower Management Center centralizes event and policy management for Firepower firewall appliances
Firepower Management Center offers capabilities unavailable with Cisco's on-device Adaptive Security Device Manager utility. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for client devices, a dashboard that provides dynamic network infrastructure visualization, automated policy optimization based on risk evaluation of threats, advanced IPS, custom application detectors for Application Visibility and Control, customized health notifications, enhanced reporting options, and APIs for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled via Cisco's ASA 5500-X on-device ASDM or the ASA 5500-X CLI.
Cisco ASA 5500 Family of Firewalls
Cisco Adaptive Security Appliances Firewalls leverage engineering developed for Cisco's PIX 500 family Security Appliance, the IPS 4200 sensor, and the Cisco VPN 3000 Series concentrator. These technologies enable the Cisco ASA Firewall product line to deliver a firewall that stops the widest variety of attacks. Cisco Adaptive Security Appliances (ASA) 5500 Series Firewalls provide program security, network containment and control, and clean VPN connectivity across the entire product portfolio. This broad scope of security enables the guarding of any network area, which includes the most typical threat vectors such as remote sites, LAN-connected internal users, and remote connected Virtual Private Networks.
The scalable design of the Cisco ASA 5500 Series enables you to add more services by installing security service modules and security service cards. These easy-to-install options give you the option of adding Intrusion Protection and content protection functions like blocking virus, spyware, and phishing attacks and executing data and URL screening. Beside enabling your IT staff to react quickly to the latest risk environments, the extensible design of the Cisco ASA 5500 Series also leverages your capital investment by increasing the useful life of your security appliances. The Cisco ASA 5500 Series also protects your investment in IT team education by utilizing the rich library of PIX management tools and protocols such as the Cisco Adaptive Security Device Manager system, secure command-line interface (CLI) availability, syslog, and Simple Network Management Protocol.
Cisco Adaptive Security Appliances (ASA) firewalls provide robust application security via smart, application-sensitive inspection engines that examine traffic at Layers 4-7. This produces a better protected environment covering Web, voice, and mobile wireless access. To protect networks against application-layer attacks and to provide better policing of the applications and protocols used in their networks, Cisco's inspection engines incorporate extensive application and protocol knowledge and employ protection enforcement technologies such as protocol anomaly sensing and state tracking. Also incorporated are attack detection and remediation techniques including application and protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also deliver management of IM and tunneling applications, allowing businesses to police usage policies and recover bandwidth for important business applications.
For more details about Progent's support services for ASA 5500 firewalls, see Cisco ASA 5500 series firewalls integration and debugging services.
Built around a hardened, specialized operating system that delivers a wealth of protection features, Cisco PIX firewalls provide excellent security and have received EAL 4 status and ICSA Firewall and IP Security (IPsec) qualification. Cisco PIX firewalls offer protection for a wide array of Voice over IP and additional mixed-media conventions such as H.323 v. 4, Session Initiation Protocol (SIP), SCCP, Real-Time Streaming Protocol (RTSP), and Media Gateway Control Protocol, enabling organizations to safeguard installations of a wide range of contemporary and upcoming IP voice and multimedia applications.
PIX firewalls offer a wealth of setup, tracking, and analysis features, giving IT managers the versatility to utilize the methods that best meet their requirements. Management solutions include common, policy-based management tools, integrated web-accessible administration, and support for remote-monitoring standards such as Simple Network Management Protocol and syslog. The integrated ASDM interface offers a world-class Web-based management platform that greatly simplifies the installation, in-place modification, and tracking of a specific PIX firewall without the need of any additional software other than an ordinary browser and Java plug-in to be installed on a manager's computer.
Administrators can also remotely set up, track, and analyze PIX security appliances using a CLI interface. Safe command-line interface (CLI) access is possible using several methods such as Secure Shell (SSHv2) Protocol, Telnet over IP Security (IPsec), and out-of-band through a console port. Cisco PIX firewall appliances also include robust automatic-update capabilities, a set of advanced secure remote-administration options that make sure that security configurations and software images are kept up to date.
For additional details about Progent's consulting services for Cisco PIX 500 security appliances, see Cisco PIX 500 firewalls integration and troubleshooting consulting.
Progent's Migration Consulting for Cisco Firewalls
Because Cisco has discontinued selling the PIX and ASA 5500 families of firewalls, many businesses are uncomfortable with depending on a critical infrastructure mechanism that may stop being supported. ASA 5500-X and Firepower Series security appliances have the benefit of being current devices and also offer a number of functions and budgetary advantages in comparison to PIX 500 firewalls. These benefits include substantially higher performance, optional Secure Sockets Layer VPN support, and an expandable design that protects your investment by allowing you to add more security features whenever you require them. Progent's CCIE-certified experts can help you to determine the strategic case for upgrading from PIX 500 or ASA 5500 security appliances, design a migration process that permits a quick and seamless upgrade, assist you to install new ASA 5500-x or Firepower NGFW Series appliances, and offer online, consulting, and technical support services.
Other Ways Progent Can Assist Your Business with Cisco ASA and PIX Firewalls
Cisco's Firepower Series, ASA Series, and PIX firewalls incorporate a wealth of setup, monitoring, and troubleshooting options that give you the ability to set up these security appliances to align optimally with your business requirements. Progent's CCIE authorized network consultants can show you how to build an efficient infrastructure that includes Cisco firewalls and that offers advanced protection, resilience, performance, and manageability. Progent's CISA and CISSP-ISSP-certified IS security professionals can help you to develop a security strategy that makes sense for your business and can set up your security appliance to enforce your security policies. Progent's risk evaluation experts can evaluate the strength of your existing firewall solution and audit the security of your whole IS environment. Progentís Technical Response Center (TRC) can provide urgent online technical support for Cisco products and can give you quick access to a Cisco CCIE expert.
To find out more information about Progent's engineering expertise for Cisco products, pick a subject:
Integration of Cisco and Third-party Security Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
If you wish to ask Progent about engineering assistance for Cisco products, call 1-800-993-9400 or refer to Contact Progent.